| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-19041 | 4.3 |
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
|
01-02-2019 - 19:40 | 31-01-2019 - 19:29 | |
| CVE-2018-19040 | 5.0 |
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
|
01-02-2019 - 16:48 | 31-01-2019 - 19:29 | |
| CVE-2018-19042 | 5.0 |
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
|
01-02-2019 - 16:23 | 31-01-2019 - 19:29 | |
| CVE-2018-19043 | 5.0 |
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
|
01-02-2019 - 16:07 | 31-01-2019 - 19:29 |